GDPR Compliance
How we protect your privacy
Are we compliant with GDPR?
Compliance with the General Data Protection Regulation (GDPR) is integral to all our systems and processes. GDPR is the standard in the European Union (EU) governing the privacy and data protection of EU residents. Wolke stands ready to support and assist its clients who have employees residing in the EU as they also meet their own obligations under GDPR.
What is GDPR Compliance?
In response to the public’s growing concern about privacy, the European Parliament adopted the GDPR to replace an outdated data protection directive from 1995. GDPR establishes more stringent requirements for businesses to protect the personal data and privacy of citizens of the European Union and the European Economic Area (EEA). The regulation applies to transactions that occur within EU member states, as well as to the transfer of personal data outside the EU and EEA.
GDPR is not optional, and any company that does not comply faces the threat of large fines, depending on the severity and circumstances of the violation. These fines can be as steep as 4 percent of annual global revenue or up to €20 million. Every organization that does business in Europe or with EU or EEA citizens must ensure that it is following GDPR guidelines; non-compliance could cost it greatly.
To comply with GDPR, companies that have EU-based employees need to meet the following important requirements:
- Obtain consent to collect and process personal information
- Protect personal data
- Control access to personal data
- Provide the option to erase personal data
- Inform customers of data breaches
Our approach to GDPR for HR Professionals
Wolke is staying ahead of the GDPR changes, both in its role as a data processor and in support of data controllers. Wolke’s efforts include:
- Our goal is to provide a great software platform that allows clients to comply with GDPR requirements while having a great experience.
- Ensuring data is protected during transmission and while it is being hosted by using industry-standard technical processes and procedures. We demonstrate our compliance with these critical requirements through an annual SOC II audit by an independent auditor.
- Our data centers and collection networks are located within the European Union. For these critical processes, we have selected a world-class service provider: Microsoft Azure. Our stringent data protection and security standards made them the obvious choice for all customer data, including data from EMEA, the United States, and the EU.
- Developing a Data Processing Agreement (DPA) that complies with GDPR with help from EU and U.S. legal counsel. It also incorporates the European Model Clauses, also known as the Standard Contractual Clauses, which will be used by all clients who are data controllers under the GDPR.
- The GDPR defines acceptable timelines for processing client data requests, whether you are requesting consent, providing access, or erasing data. We will also notify you promptly in the event of a data breach.
- To support our clients’ compliance efforts, we stay abreast of GDPR developments and guidance.
Frequently Asked Questions
Check out the questions and answers below for more information about One People.
We put employees first with a cloud-based suite of HR & Payroll solutions called One People. We provide you with a powerful HR Information System, Payroll, as well as tools for onboarding, learning, performance management, and people analytics.
- People Management
- Payroll
- Employee Experience
- Expense Claim
- Performance Management
- Time Attendance
Here are the usual integration methods used to connect One People with third-party applications.
- API
- File Exchange (CSV files, Excel files, and everything else)
- Web Services
The minimum number of employees for all of our subscription options is five. It is possible to use the One People platform with fewer employees than this, but you will still be charged for a minimum of 5 employees for each of the products and services that you use.
We bill annual contracts on the day of signing, and monthly contracts on the 1st of every month. If you sign up during the month, your first month’s bill will be prorated.
One People also accepts all major credit and debit cards as well as electronic bank transfers via ACH.
If you decide to cancel your One People account, you can do so at any time. Should you choose to cancel, please understand that prorated refunds are not available. During the current monthly billing period, your account will remain active without further charges.
You can expect to spend between one and four weeks, depending on the size of your organization.
Microsoft Azure West Europe data center in the Netherlands hosts One People customer data. Sensitive fields are encrypted in transit, and the data center uses advanced encryption techniques at rest. Furthermore, the data center located in the Netherlands meets the data requirements of the European Union, the European Economic Area, Switzerland, and the United Kingdom.
Among the measures we take to prevent data leaks and unauthorized access are:
- Data security with multiple levels of defense
- Regular vulnerability scanning
- Web application firewall
- SOC II audits by third parties
- Penetration tests annually